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Abstract 


This document specifies the algorithms, algorithm parameters, 
asymmetric key formats, asymmetric key sizes, and signature formats 
used in BGPsec (Border Gateway Protocol Security). This document 
updates RFC 7935 ("The Profile for Algorithms and Key Sizes for Use 
in the Resource Public Key Infrastructure") and obsoletes RFC 8208 
("BGPsec Algorithms, Key Formats, and Signature Formats") by adding 


Documentation and Experimentation Algorithm IDs, correcting the range 


of unassigned algorithms IDs to fill the complete range, and 
restructuring the document for better reading. 


This document also includes example BGPsec UPDATE messages as well as 


the private keys used to generate the messages and the certificates 
necessary to validate those signatures. 


Status of This Memo 
This is an Internet Standards Track document. 


This document is a product of the Internet Engineering Task Force 


(IETF). It represents the consensus of the IETF community. It has 
received public review and has been approved for publication by the 
Internet Engineering Steering Group (IESG). Further information on 


Internet Standards is available in Section 2 of RFC 7841. 


Information about the current status of this document, any errata, 
and how to provide feedback on it may be obtained at 
https://www.rfc-editor.org/info/rfc8608. 
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Introduction 


This document specifies the following: 


o the digital signature algorithm and parameters, 


o the hash algorithm and parameters, 


o the algorithm identifier assignment and classification, 


o the public and private key formats, and 
o the signature formats 


used by Resource Public Key Infrastructure (RPKI) Certification 
Authorities (CAs) and BGPsec (Border Gateway Protocol Security) 
speakers (i.e., routers). CAs use these algorithms when processing 
requests for BGPsec Router Certificates [RFC8209]. Examples of when 
BGPsec routers use these algorithms include requesting BGPsec 
certificates [RFC8209], signing BGPsec UPDATE messages [RFC8205], and 
verifying signatures on BGPsec UPDATE messages [RFC8205]. 


This document updates [RFC7935] to add support for a) a different 
algorithm for BGPsec certificate requests, which are issued only by 
BGPsec speakers; b) a different Subject Public Key Info format for 
BGPsec certificates, which is needed for the specified BGPsec 
signature algorithm; and c) different signature formats for BGPsec 
signatures, which are needed for the specified BGPsec signature 
algorithm. The BGPsec certificates are differentiated from other 
RPKI certificates by the use of the BGPsec Extended Key Usage as 
defined in [RFC8209]. BGPsec uses a different algorithm [RFC6090] 
[DSS] from the rest of the RPKI to provide similar security with 
smaller keys, making the certificates smaller; these algorithms also 
result in smaller signatures, which make the PDUs smaller. 


Appendix A (non-normative) contains example BGPsec UPDATE messages as 
well as the private keys used to generate the messages and the 
certificates necessary to validate the signatures. 


1. Terminology 
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 
"SHOULD", “SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 


"OPTIONAL" in this document are to be interpreted as described in 
BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all 
capitals, as shown here. 
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1.2. Changes from RFC 8208 


This section describes the significant changes between [RFC8208] and 
this document. 


o Added Section 2.1 containing Algorithm ID types. Also, the 
interpretation of these IDs is described. 


o Restructured Sections 2 and 3 to align with the corresponding 
algorithm suite identifier value. 


o Corrected the range for unassigned algorithm suite identifier 
values. 


o Added Documentation algorithm suite identifier values. 


o Added Experimentation algorithm suite identifier values. 


o Changed the next-hop IP in Appendix A's IPv6 example to use a 
private usage IPv6 address. 


2. Algorithms 


The algorithms used to compute signatures on CA certificates, BGPsec 
Router Certificates, and Certificate Revocation Lists (CRLs) are as 
specified in Section 2 of [RFC7935]. This section addresses 
algorithms used by BGPsec [RFC8205] [DSS]. For example, thes 
algorithms are used by BGPsec routers to sign and verify BGPsec 
UPDATE messages. To identify which algorithm is used, the BGPsec 
UPDATE message contains the corresponding algorithm ID in each 
Signature_Block of the BGPsec UPDATE message. 


2.1. Algorithm ID Types 


Algorithms in BGPsec UPDATE messages are identified by the Algorithm 
Suite Identifier field (algorithm ID) within the Signature_Block (see 
Section 3.2 of [RFC8205]). 


This document specifies five types of Algorithm IDs: 


o Reserved Algorithm ID 


Reserved algorithm IDs are the values 0x00 (0) and OxFF (255). 
These IDs MUST NOT be used in a Signature_Block, and if 
encountered, the router MUST treat BGPsec UPDATE messages as 
malformed [RFC4271]. 
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o Signature Algorithm ID 


Signature algorithms are defined in Section 2.2 of this document. 
Processing of BGPsec UPDATE signing and validation using signature 
algorithms is described at length in Sections 4.2 and 5.2 of 
[RFC8205]. 


o Unassigned Algorithm ID 


This type of Algorithm ID is free for future assignments and MUST 
NOT be used until an algorithm is officially assigned (see 
Section 7). In case a router encounters an unassigned algorithm 
ID in one of the Signature_Blocks of a BGPsec UPDATE message, the 
router SHOULD process the Signature_Block as an unsupported 
algorithm as specified in Section 5.2 of [RFC8205]. 


o Experimentation Algorithm ID 


Experimentation algorithm IDs span from OxF7 (247) to OxFA (250). 
To allow experimentation to accurately describe deployment 
examples, the use of publicly assigned algorithm IDs is 
inappropriate, and a reserved block of Experimentation algorithm 
IDs is required. This ensures that experimentation does not clash 
with assigned algorithm IDs in deployed networks and mitigates the 
risks to operational integrity of the network through 

inappropriate use of experimentation to perform literal 
configuration of routing elements on production systems. A router 
that encounters an algorithm ID of this type outside of an 
experimental network SHOULD treat it the same as an unsupported 
algorithm as specified in Section 5.2 of [RFC8205]. 


o Documentation Algorithm ID 


Documentation algorithm IDs span from OxFB (251) to OxFE (254). 

To allow documentation to accurately describe deployment examples, 
the use of publicly assigned algorithm IDs is inappropriate, and a 
reserved block of Documentation algorithm IDs is required. This 
ensures that documentation does not clash with assigned algorithm 
IDs in deployed networks and mitigates the risks to operational 
integrity of the network through inappropriate use of 
documentation to perform literal configuration of routing elements 
on production systems. A router that encounters an algorithm ID 
of this type SHOULD treat it the same as an unsupported algorithm 
as specified in Section 5.2 of [RFC8205]. 
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2.2. Signature Algorithms 
2.2.1. Algorithm ID 0x01 (1) - (ECDSA P-256) 


o The signature algorithm used MUST be the Elliptic Curve Digital 
Signature Algorithm (ECDSA) with curve P-256 [RFC6090] [DSS]. 


o The hash algorithm used MUST be SHA-256 [SHS]. 
Hash algorithms are not identified by themselves in certificates or 


BGPsec UPDATE messages. They are represented by an OID that combines 
the hash algorithm with the digital signature algorithm as follows: 


o The ecdsa-with-SHA256 OID [RFC5480] MUST appear in the Public-—Key 
Cryptography Standards #10 (PKCS #10) signatureAlgorithm field 
[RFC2986] or in the Certificate Request Message Format (CRMF) 
POPOSigningKey algorithm field [RFC4211]; where the OID is placed 
depends on the certificate request format generated. 


o In BGPsec UPDATE messages, the ECDSA with SHA-256 algorithm suite 
identifier value 0x01 (1) (see Section 7) is included in the 
Signature_Block List’s Algorithm Suite Identifier field. 


3. Asymmetric Key Pair Formats 


The key formats used to compute signatures on CA certificates, BGPsec 
Router Certificates, and CRLs are as specified in Section 3 of 
[RFC7935]. This section addresses key formats found in the BGPsec 
Router Certificate requests and in BGPsec Router Certificates. 


3.1. Asymmetric Key Pair for Algorithm ID 0x01 (1) - (ECDSA P-256) 


The ECDSA private keys used to compute signatures for certificate 
requests and BGPsec UPDATE messages MUST be associated with the P-256 
elliptic curve domain parameters [RFC5480]. The public key pair MUST 
use the uncompressed form. 


3.1.1. Public Key Format 
The Subject’s public key is included in subjectPublicKeyInfo 


[RFC5280]. It has two sub-fields: algorithm and subjectPublicKey. 
The values for the structures and their sub-structures follow: 


o algorithm (an AlgorithmIdentifier type): The id-ecPublicKey OID 
MUST be used in the algorithm field, as specified in Section 2.1.1 
of [RFC5480]. The value for the associated parameters MUST be 
secp256rl, as specified in Section 2.1.1.1 of [RFC5480]. 
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o subjectPublicKey: ECPoint MUST be used to encode the certificate’s 
subjectPublickey field, as specified in Section 2.2 of [RFC5480]. 


3.1.2. Private Key Format 
Local policy determines private key format. 

4. Signature Formats 
The structure for the certificate’s and CRL’s signature field MUST be 
as specified in Section 4 of [RFC7935]; this is the same format used 
by other RPKI certificates. The structure for the certification 
request’s and BGPsec UPDATE message’s signature field MUST be as 
specified in Section 2.2.3 of [RFC3279]. 


5. Additional Requirements 


It is anticipated that BGPsec will require the adoption of updated 
key sizes and a different set of signature and hash algorithms over 
time, in order to maintain an acceptable level of cryptographic 
security. This profile should be updated to specify such future 
requirements, when appropriate. 


The recommended procedures to implement such a transition of key 
sizes and algorithms are specified in [RFC6916]. 


6. Security Considerations 


The security considerations of [RFC3279], [RFC5480], [RFC6090], 
[RFC7935], and [RFC8209] apply to certificates. The security 
considerations of [RFC3279], [RFC6090], [RFC7935], and [RFC8209] 
apply to certification requests. The security considerations of 
[RFC3279], [RFC6090], and [RFC8205] apply to BGPsec UPDATE messages. 
No new security considerations are introduced as a result of this 
specification. 


7. IANA Considerations 


The Internet Assigned Numbers Authority (IANA) has created the 
"BGPsec Algorithm Suites" registry in the Resource Public Key 
Infrastructure (RPKI) group. The one-octet algorithm suite 
identifiers assigned by IANA identify the digest algorithm and 
signature algorithm used in the BGPsec Signature_Block List’s 
Algorithm Suite Identifier field. 


Per [RFC8208], IANA registered a single algorithm suite identifier 
for the digest algorithm SHA-256 [SHS] and for the signature 
algorithm ECDSA on the P-256 curve [RFC6090] [DSS]. This identifier 
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is still 
this document. 


valid, 


BGPsec Algs, 


Key & Signature Formats 


June 2019 


and IANA has updated the registration to refer to 


IANA has modified the range of the "Unassigned" address space from 


"Ox2-OxEF" to "0x02-OxF6": 
Algorithm Digest Signature Specification 
Suite Algorithm Algorithm Pointer 
Identifier 
Pa SSSSasSeaSs= phin Sale See Ses Poses SSH SaSSe Se Pose SS Se eee SSS Stee os + 
| 0x02-OxF6 | Unassigned | Unassigned | 
i Ena e ss E E E E A naa E A E + 


In addition, 


"Experimentation" and "Documentation": 


Algorithm 
Suite 
Identifier 


The "BGPsec Algorithm Suites" 


Digest 
Algorithm 


the following values: 


Signature 


Algorithm 


IANA has registered the following address spaces for 


Specification 
Pointer 

=-=- — + 
This document | 
——— — — — — EE + 
This document | 
——— — — — + 


registry in the RPKI group now contains 


Algorithm Digest Signature Specification 
Suite Algorithm Algorithm Pointer 
Identifier 
4+------------ 4+----------------- 4+----------------- 4+------------------ + 
0x00 Reserved Reserved This document 
4+------------ 4+-----------------4-----------------4------------------ + 
0x01 SHA-256 ECDSA P-256 [SHS] [DSS] 
[RFC6090] 
This document 
4+------------ 4+-----------------4-----------------4------------------ + 
Ox02-OxF6 Unassigned Unassigned 
4+------------ 4+-----------------4-----------------4------------------ + 
OxF7-OxFA Experimentation Experimentation This document 
4+------------ 4+-----------------4-----------------4------------------ + 
OxFB-OxFE Documentation Documentation This document 
4+------------ 4+-----------------4-----------------4------------------ + 
OxFF Reserved Reserved This document 
4+------------ 4+----------------- 4+----------------- 4+------------------ + 
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Future assignments are to be made using the Standards Action process 
defined in [RFC8126]. Assignments consist of the one-octet algorithm 
suite identifier value and the associated digest algorithm name and 
signature algorithm name. 
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Appendix A. Examples 


A.1. Topology and Experiment Description 
Topology: 
AS (64496) ----AS (65536) —----AS (65537) 


Prefix Announcement: AS (64496), 192.0.2.0/24, 2001:db8::/32 

The signature algorithm used in this example is ECDSA P-256, using 
the algorithm suite identifier ID 0x01 (1) as specified in Section 7 
of this document. 


A.2. Keys 


For this example, the ECDSA algorithm was provided with a static k to 
make the result deterministic. 


The k used for all signature operations was taken from [RFC6979], 
Appendix A.2.5, "Signatures With SHA-256, message = ’sample’". 


Note: Even though the certificates below ar xpired, they are still 
useful within the constraint of this document. 


k = A6E3C57DD01ABE90086538398355DD4C 
3B17AA873382BO0OF24D6129493D8AAD60 


Keys of AS64496: 


ski: AB4D910F55CAE71A215EF3CAFE3ACC45B5EEC154 


private key: 
x = D8AA4DFBE2478F86E88A7451BF075565 
709C575AC1C136D081C540254CA440B9 


public key: 
Ux = 7391BABB92A0CB3BE10E5 9B1 9EBFFB21 
4E04A91EOCBA1B139A7D38D90F77E55A 
Uy = A05B8E695678E0FA16904B55D9D4F5C0 
DFC588 95EE5OBC4F75D205A25BD3 6FF5 
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Router Key Certificate example using OpenSSL 1.0.le-fips 11 Feb 2013 
Certificate: 
Data: 
Version: 3 (0x2) 
Serial Number: 38655612 (0x24dd67c) 
Signature Algorithm: ecdsa-with-SHA256 
Issuer: CN=ROUTER-O0OO0OFBFO 
Validity 
Not Before: Jan 1 05:00:00 2017 GMT 
Not After : Jul 1 05:00:00 2018 GMT 
Subject: CN=ROUTER-O0O0O0FBFO 
Subject Public Key Info: 
Public Key Algorithm: id-ecPublicKey 
Public-Key: (256 bit) 
pub: 
04:73:91:ba:bb:92:a0:cb:3b:e1:0e:59:b1:9e:bFf: 
fb:21:4e:04:a9:le:0c:ba:1b:13:9a:7d:38:d9:0Ff: 
77:e€5:5a:a0:5b:8e:69:56:78:e0:fa:16:90:4b:55: 
d9:d4:f£5:c0:df:c5:88:95:ee:50:be:4f:75:d2:05: 
a2:5b:d3:6f:£5 
ASN1 OID: prime256v1 
X509v3 extensions: 
X509v3 Key Usage: 
Digital Signature 
X509v3 Subject Key Identifier: 
AB:4D:91:0F:55:CA:E7:1A:21:5E: 
F3:CA:FE:3A:CC:45:B5:EE:C1:54 
X509v3 Extended Key Usage: 
1355-6... 565 7234.30 
sbgp-autonomousSysNum: critical 
Autonomous System Numbers: 
64496 
Routing Domain Identifiers: 
inherit 


Signature Algorithm: ecdsa-with-SHA256 
30:44:02:20:07:b7:b4: 6a:5f:a4:f1:0C:68:36:39:03:a4:83: 
ec:7¢0:80:02:d2:f6:08:9d:46:b2:ec:2a:7b:e6:92:b3:6f:b1: 
02:20:00:91:05:4a:a1:£5:b0:18:9d:27:24:e8:b4:22:fd:dl: 
1c: £0:3d:b1:38:24:5d:64:29:35:28:8d:ee:0C:38:29 
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MI IBiDCCAS+gAwIBAgIEAk 3Wf£DAKBggghk jOPQQDA jAaMRgwF gYDVQQDDA9ST1VU 
RVItMDAWMEZCRJAWHhHCcNMT cwMTAxXMDUWMDAWWhcNMTgwNzAxMDUwWMDAWwW jAaMRgw 
FgYDVOQQDDA9ST1VURVItMDAWMEZCR jAwWTATBgcqhk jOPQIBBggqhk jOPQOMBBwNC 
AARzkbq7kqDLO+EOWbGev/shTgSpHgy6Gx0afT  jZD3f1WqBb jm1lWeOD6FpBLVdnU 
9cD£XYiV71LC8T3XSBaJb02/102MwYTALBgNVHQ8EBAMCB4AWHQYDVROOBBYEFKtN 
kQ9VyucalV7zyv46zEW17sSFUMBMGA1UdJQOMMA0GCCSGAQUF BwMeMB4GCCSGAQUF 
BwEIAQH/BA8wDaAHMAUCAwD7 8KECBQAWCgYIKoZ1IzjOEAwIDRwAWRAIgB7e0alt+k 
8cxoNjkDpIPsfIACOvYInUay7Cp75pKzb7ECIACRBUgh 9bAYnSck6LOQi/dEc8D2x 
OCRdZCk1KI3uDDgp 


Keys of AS(65536): 


ski: 47F23BF1AB2F8A9D26864EBBD8DF2711C74406EC 


private key: 
x = 6CB2E931B112F24554BCDCAAFD9553A9 
519A9AF33C023B60846A21FC95583172 


public key: 
Ux = 28FC5SFE9AFCF5F4CAB3F5F85CB212FC1 
E9DOEODBEAEE425BD2F0D3175AA0E989 
Uy = EA9IB603E38F35FB329DF495641F2BA04 
OF1C3AC6138307F257CBA6B8B588F41F 


Router Key Certificate example using OpenSSL 1.0.le-fips 11 Feb 2013 
Certificate: 
Data: 
Version: 3 (0x2) 
Serial Number: 3752143940 (Oxdfa52c44) 
Signature Algorithm: ecdsa-with-SHA256 
Issuer: CN=ROUTER-00010000 
Validity 
Not Before: Jan 1 05:00:00 2017 GMT 
Not After : Jul 1 05:00:00 2018 GMT 
Subject: CN=ROUTER-00010000 
Subject Public Key Info: 
Public Key Algorithm: id-ecPublicKey 
Public-Key: (256 bit) 
pub: 
04:28:fc:5f:e9:af:cf:5f:4c:ab:3f:5f:85:cb:21: 
2£:cl:e9:d0:e0:db:ea:ee:42:5b:d2:f£0:d3:17:5a: 
a0:e9:89:ea: 9b:60:3e:38:f3:5f:b3:29:df:49:56: 
41:£2:ba:04:0f:1c¢c:3a:c6:13:83:07:£2:57:cb:aé6é: 
b8:b5:88:f4:1f 
ASN1 OID: prime256v1 
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X509v3 extensions: 
X509v3 Key Usage: 
Digital Signature 
X509v3 Subject Key Identifier: 
47:F2:3B:F1:AB:2F:8A:9D:26:86: 
4E:BB:D8:DF:27:11:C7:44:06:EC 
X509v3 Extended Key Usage: 
123'.6-..1..595 37233230 
sbgp-autonomousSysNum: critical 
Autonomous System Numbers: 
65536 
Routing Domain Identifiers: 
inherit 


Signature Algorithm: ecdsa-with-SHA256 
30:45:02:21:00:8c:d9:£8:12:96:88:82:74:03:a1:82:82:18: 
c5:31:00:ee:35:38:e8:fa:ae:72:09:fe:98:67:01:78:69:77: 
8c:02:20:5f:ee:3a:bf:10:66:be:28:d3:b3:16:al:6b:db: 66: 
21:99:ed:a6:e4:ad:64:3c:ba:bf:44:fb:cb:b7:50:91:74 


MIIBijJCCATCgAWIBAgIFAN+1LEQwCgYIKoZ1zjO0ERAwIwGJEYMBYGA1UEAwWWPUk9V 
VEVSLTAwMDEWMDAWMB4 XDTE3MDEWMTA1LMDAWMF oXDTE4MDcwMTA1MDAWMF owG JEY 
MBYGA1UEAwwPUk 9VVEVS LTAwWMDEWMDAWMF kwEwYHKoZ1IzjOCAQYIKoZ1IzjODAQcD 
QgAEKPxf6a/PX0yrP1+FyyEvwenQ4Nvq7kJbOvDTFlqg6Ynqm2A+OPNfsynfSVZB 
8roEDxw6xhODB/JxXy 6a4t Y jOH6N JMGEwCwYDVROPBAQDAgeAMBOGA1UdDgQWBBRH 
8jvxqyt+KnSaGTrvyY 3ycRx00G7DATBgNVHSUEDDAKBggrBgEFBOcDH jAeBggrBgEF 
BOCBCAEB /wQPMA2gBzAFAgMBAAChAgUAMA0GCCqGSM4 9BAMCA0DgAMEUCIQCM2fgS 
loiCdAOhgolYxTEA7 jU4 6Pqucgn+mGcBeG13 jAIgxX+46vxBmvijTsxaha9tmIZnt 
puStZDy6v0T7y7dQkxQ= 
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A.3. BGPsec IPv4 


BGPsec IPv4 UPDATE from AS (65536) to AS(65537): 


Binary Form of BGPsec UPDATE (TCP-DUMP) : 


EF OUBRE ¢PE FPO FE CURE FE GRE (PF ORBOCER PE EE -EP. BE EFE 
01 03 02 00 00 00 EC 40 01 01 02 80 04 04 00 00 
00 00 80 0E OD 00 01 01 04 C6 33 64 64 00 18 CO 
00 02 90 1E 00 CD 00 OE 01 00 00 01 00 00 01 00 
00 00 FB FO 00 BF 01 47 F2 3B F1 AB 2F 8A 9D 26 
86 4E BB D8 DF 27 11 C7 44 06 EC 00 48 30 46 02 
21 00 EF D4 8B 2A AC B6 A8 FD 11 40 DD 9C D4 5E 
81 D6 9D 2C 87 7B 56 AA F9 91 C3 4D OE A8 4E AF 
37 16 02 21 00 90 F2 C1 29 AB B2 F3 9B 6A 07 96 
3B D5 55 A8 7A B2 B7 33 3B 7B 91 F1 66 8F D8 61 
8C 83 FA C3 F1 AB 4D 91 OF 55 CA E7 1A 21 5E F3 
CA FE 3A CC 45 B5 EE C1 54 00 48 30 46 02 21 00 
EF D4 8B 2A AC B6 A8 FD 11 40 DD 9C D4 5E 81 D6 
9D 2C 87 7B 56 AA F9 91 C3 4D OF A8 4E AF 37 16 
02 21 00 8E 21 F6 OE 44 C6 06 6C 8B 8A 95 A3 CO 
9D 3A D4 37 95 85 A2 D7 28 EE AD 07 Al 7E D7 AA 
05 5E CA 


Signature from AS(64496) to AS (65536): 

Digest: 21 33 E5 CA A0 26 BE 07 3D 9C 1B 4E FE B9 B9 77 
9F 20 F8 F5 DE 29 FA 98 40 00 9F 60 47 DO 81 54 

Signature: 30 46 02 21 00 EF D4 8B 2A AC B6 A8 FD 11 40 DD 
9C D4 5E 81 D6 9D 2C 87 7B 56 AA F9 91 C3 4D OE 
A8 4E AF 37 16 02 21 00 8E 21 F6 OE 44 C6 06 6C 
8B 8A 95 A3 CO 9D 3A D4 37 95 85 A2 D7 28 EE AD 


Signature from AS (65536) to AS (65537): 

Digest: 01 4F 24 DA E2 A5 21 90 BO 80 5C 60 5D BO 63 54 
22 3E 93 BA 41 1D 3D 82 A3 EC 26 36 52 OC 5F 84 

Signature: 30 46 02 21 00 EF D4 8B 2A AC B6 A8 FD 11 40 DD 
9C D4 5E 81 D6 9D 2C 87 7B 56 AA F9 91 C3 4D OE 
A8 4E AF 37 16 02 21 00 90 F2 C1 29 AB B2 F3 9B 
6A 07 96 3B D5 55 A8 7A B2 B7 33 3B 7B 91 F1 66 


The human-readable output is produced using bgpsec-io, a BGPsec 
traffic generator that uses a Wireshark-like printout. 
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Send 
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UPDATE Message 


+--marker: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 


+- 
+-—-— 


length: 259 
type: 2 (UPDATE) 


+--withdrawn_routes_length: 0 


+- 


Turner & 


total_path_attr_length: 236 
+--ORIGIN: INCOMPLETE (4 bytes) 
+--Flags: 0x40 (Well-Known, Transitive, Complete) 
+--Type Code: ORIGIN (1) 
+--Length: 1 byte 
+--Origin: INCOMPLETE (1) 
+--MULTI_EXIT_DISC (7 bytes) 
+--Flags: 0x80 (Optional, Non-transitive, Complete) 
+--Type Code: MULTI_EXIT_DISC (4) 
+--Length: 4 bytes 
+--data: 00 00 00 00 
+--MP_REACH_NLRI (16 bytes) 
+--Flags: 0x80 (Optional, Non-transitive, Complete) 
+--Type Code: MP_REACH_NLRI (14) 
+--Length: 13 bytes 
+--Address family: IPv4 (1) 
+--Subsequent address family identifier: Unicast (1) 
+--Next hop network address: (4 bytes) 
| +--Next hop: 198.51.100.100 
+--Subnetwork points of attachment: 0 
+--Network layer reachability information: (4 bytes) 
+--192.0.2.0/24 
+--MP Reach NLRI prefix length: 24 
+--MP Reach NLRI IPv4 prefix: 192.0.2.0 
+--BGPSEC Path Attribute (209 bytes) 
+--Flags: 0x90 (Optional, Complete, Extended Length) 
+--Type Code: BGPSEC Path Attribute (30) 
+--Length: 205 bytes 
+--Secure Path (14 bytes) 
+--Length: 14 bytes 
+--Secure Path Segment: (6 bytes) 
| +--pCount: 1 
| +--Flags: 0 
| +--AS number: 65536 (1.0) 
+--Secure Path Segment: (6 bytes) 
+--pCount: 1 
+--Flags: 0 
+--AS number: 64496 (0.64496) 
+--Signature Block (191 bytes) 
+--Length: 191 bytes 
+--Algo ID: 1 
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+--Signature Segment: 
+--SKL: 
+--Length: 


+--Signature Segment: 
+==SKI? 
+--Length: 


A.4. BGPsec IPv6 


BGPsec IPv6 


BGPsec Algs, 


Key & Signature Formats 


(94 bytes) 


47F23BF1AB2F 8A9D2 68 64EBBD8DF2711C74406EC 


72 


+--Signature: 


bytes 
3046022100EFD48B 
9CD45E81D69D2C87 
A84EAF3716022100 
6A07963BD555A87A 
8FD8618C83FAC3F1 
(94 bytes) 


2AACB6A8FD1140DD 
7B56AAF991C34D0E 
90F2C12 9ABB2F39B 
B2B7333B7B91F166 


AB4D910F55CAE71A215EF3CAFE3ACC45B5EEC154 


72 


+--Signature: 


UPDATE from AS (65536) 


bytes 

3046022100EFD48B 
9CD45E81D69D2C87 
A8 4EAF3716022100 
8B8A95A3C09D3AD4 
07A17ED7AA055ECA 


2AACB6A8FD1140DD 
7B56AAF991C34D0E 
8E21F 60E44C6066C 
379585A2D72 8EEAD 


to AS (65537): 


Binary Form of 


FF FF 
01 10 
00 00 
00 00 
1E 00 
FO 00 
D8 DF 
D4 8B 
2C 87 
21 00 
7C CS 
06 26 
CC 45 
2A AC 
7B 56 
E2 AO 
19 79 


FF 
02 
80 
00 
CD 
BF 
27 
2A 
7B 
D1 
BC 
AB 
B5 
B6 
AA 
2C 
20 


FF 
00 
OF 
00 
00 
01 
11 
AC 
56 
B9 
D6 
4D 
EE 
A8 
F9 
68 
OC 


FF 
00 
1A 
00 
0E 
47 
C7 
B6 
AA 
4F 
74 
91 
C1 
FD 
91 
FE 
91 
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BGP/BGPsec UPDATE (TCP-DUMP) : 

FF FF FF FF FF FF FF FF FF FF 
00 F9 40 01 01 02 80 04 04 00 
00 02 01 10 FD 00 00 00 00 00 
C6 33 64 64 00 20 20 01 OD B8 
01 00 00 01 00 00 01 00 00 00 
F2 3B Fl AB 2F 8A 9D 26 86 4E 
44 06 EC 00 48 30 46 02 21 00 
A8 FD 11 40 DD 9C D4 5E 81 D6 
F9 91 C3 4D OE A8 4E AF 37 16 
62 51 04 6D 21 36 Al 05 BO F4 
D9 7D 28 E6 1B 8F 43 BD DE 91 
OF 55 CA E7 1A 21 5E F3 CA FE 
54 00 48 30 46 02 21 00 EF D4 
11 40 DD 9C D4 5E 81 D6 9D 2C 
C3 4D OE A8 4E AF 37 16 02 21 
53 CB 96 93 4C 78 1F 5A 14 A2 
56 ED F8 55 05 8E 80 53 F4 AC 
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FF 
00 
00 
90 
FB 
BB 
EF 
9D 
02 
72 
C3 
3A 
8B 
87 
00 
97 
D3 
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Signature from AS(64496) to AS(65536): 


Signature: 30 46 02 21 00 EF D4 8B 2A 


Signature from AS(65536) to AS(65537): 


Digest 44 49 EC 70 8D EC 5C 85 00 
FF A9 3C 95 31 61 01 2D EE 

Signature: 30 46 02 21 00 EF D4 8B 2A 
9C D4 5E 81 D6 9D 2C 87 7B 
A8 4E AF 37 16 02 21 00 D1 
36 Al 05 BO F4 72 7C C5 BC 
8F 43 BD DE 91 C3 06 26 


1D 
AC 
AC 
56 
AO 
79 


C2 
7E 
AC 
56 
B9 
D6 


80 
FC 
B6 
AA 
2C 
20 


17 
EE 
B6 
AA 
4F 
74 


46 
77 
A8 
F9 
68 
OC 


8C 
05 
A8 
F9 
62 
D9 
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01 
55 
FD 
91 
FE 
91 


72 
46 
FD 
91 
5I 
7D 


D6 
6D 
11 
C3 
53 
56 


FE 
AF 
11 
C3 
04 
28 


The human-readable output is produced using bgpsec-io, 
traffic generator that uses a Wireshark-like printout. 


Send UPDATE Message 


+--marker: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 


+--length: 272 

+--type: 2 (UPDATE) 

+--withdrawn_routes_length: 0 

+--total_path_attr_length: 249 
+--ORIGIN: INCOMPLETE (4 bytes) 


+--Type Code: ORIGIN (1) 
+--Length: 1 byte 
+--Origin: INCOMPLETE (1) 
+--MULTI_EXIT_DISC (7 bytes) 


+--Length: 4 bytes 
+--data: 00 00 00 00 
+--MP_REACH_NLRI (29 bytes) 


+--Length: 26 bytes 
+--Address family: IPv6 (2) 
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0 


+--Flags: 0x40 (Well-Known, Transitive, 


+--Flags: 0x80 (Optional, Non-transitive, 
+--Type Code: MULTI_EXIT_DISC (4) 


+--Flags: 0x80 (Optional, Non-transitive, 
+--Type Code: MP_REACH_NLRI (14) 


+--Subsequent address family identifier: 
+--Next hop network address: (16 bytes) 

| +--Next hop: fd00:0000:0000:0000:0000:0000:c633:6464 
+--Subnetwork points of attachment: 


55 
06 
40 
4D 
CB 
ED 


4C 
5F 
40 
4D 
6D 
E6 


FC 
C7 
DD 
OE 
96 
F8 


79 
DO 
DD 
OE 
21 
1B 


June 2019 


a BGPsec 


Complete) 


Complete) 


Complete) 


Unicast 


(1) 
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+--Network layer reachability information: 


+--2001:db8::/32 


+--MP Reach NLRI prefix length: 
+--MP Reach NLRI IPv6 prefix: 
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(5 bytes) 


32 
2001:db8:: 


+--BGPSEC Path Attribute (209 bytes) 
+--Flags: 0x90 (Optional, Complete, Extended Length) 
+--Type Code: BGPSEC Path Attribute (30) 
+--Length: 205 bytes 
+--Secure Path (14 bytes) 
+--Length: 14 bytes 
+--Secure Path Segment: (6 bytes) 
| +--pCount: 1 
| +--Flags: 0 
| +--AS number: 65536 (1.0) 
+--Secure Path Segment: (6 bytes) 
+--pCount: 1 
+--Flags: 0 
+--AS number: 64496 (0.64496) 
+--Signature Block (191 bytes) 
+--Length: 191 bytes 
+--Algo ID: 1 
+--Signature Segment: (94 bytes) 


+--Signature Segment: 


Turner & Borchert 


+==SKL: 

+--Length: 72 bytes 

+--Signature: 3046022100EFD48B 
9CD45E81D69D2C87 
A84EAF3716022100 
36A105BOF4727CC5 
8F43BDDE91C30626 


(94 bytes) 


+--SKI: 

+--Length: 72 bytes 

+--Signature: 3046022100EFD48B 
9CD45E81D69D2C87 
A84EAF3716022100 
934C781F5A14A297 
55058E8053F4ACD3 
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47F23BF1AB2F 8A9D2 68 64EBBD8DF2711C74406EC 


2AACB6A8FD1140DD 
7B56AAF991C34D0E 
D1B94F6251046D21 
BCD674D97D28E61B 


AB4D910F55CAE71A215EF3CAFE3ACC45B5EEC154 


2AACB6A8FD1140DD 
7B56AAF991C34D0E 
E2A02C68FE53CB96 
1979200C9156EDF8 
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